Comments (4)
This is a real challenge when maintain a source code repository with a team. What happens in practice is that people comment out sections of the inventory since its the easiest thing that works. That of course leads to all the nasty challenges associated with commented code.
I think a simple solution here is to provide a whitelist
feature, which you can provide as variable when running the playbook. That whitelist can be a simple comma delimited list, and then the role would be enhanced to only run the objects
in the inventory that are on the whitelist. This would give end users fine grain control of execution, without having to modify the inventory.
@InfoSec812 @oybed what do you guys think?
from casl-ansible.
I think that having a blacklist/whitelist feature would be valuable. I would suggest that we discuss at what level and how granularly to apply them though. Do we apply it at the object
level, object:name
level, or something else?
from casl-ansible.
@InfoSec812 @sherl0cks This requires some discussion as it's deviates from the original plan. I'll schedule a discussion with you guys and @etsauer (once he's back from PTO).
from casl-ansible.
@etsauer and I had a follow-up discussion tonight, and think this is a good idea overall. Eric proposed that we look to use a tag & filter strategy instead, as it allows for potential a better way of handling grouping (and more operators), so we'll work on an implementation for that. In essence, it's very similar to this whitelist strategy. However, considering that #102 changes the underlying structure quite a bit as well, we'll be closing out PR #93 and start working on the filter/tags strategy ASAP to get that working as soon as possible.
from casl-ansible.
Related Issues (20)
- Review security port requirements on OSP
- Not all variables in group_vars supported HOT 3
- Update docs/PROVISIONING_*.md to use new installer image HOT 1
- Add role to be able to apply labels based on regular expression
- python-ovirt-engine-sdk4 needed in casl-ansible docker image for ovirt provisioner
- Add ovirt/rhv as a provider
- Update to use applier 2.0.6 HOT 1
- openshift_configure_container_storage is now required - it shouldn't be
- Add 8444/tcp to master SG in AWS HOT 1
- etcd nodes separate from masters in aws HOT 1
- etcd nodes separate from masters in aws HOT 1
- Unsupported parameters for (openshift_facts) HOT 2
- aws openshift provisioning failing with ssh unable to connect to hosts
- Boto3 aws regions HOT 2
- Dockerfile build of casl-ansible fails, http://rpm-repo-ci-op-gx9lsp9t.svc.ci.openshift.org/repodata/repomd.xml give a 503 error HOT 1
- Docs for OKD deployment
- Dead links
- Openshift-labels role due to missing param: namespace_param
- Update openshift-labels role documentation to indicate that it can be used to apply multiple labels
- Move support roles to casl-galaxy HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from casl-ansible.